Yahoo! is investigating the incident, but it's confident that users are not affected

Dec 17, 2012 08:32 GMT

ViruS_HimA, the Egyptian hacker who managed to breach the systems of Adobe a few weeks ago, is back. He now claims to have gained access to Yahoo! servers.

The hacker says he has managed to gain full access to one Yahoo domain and 12 of the company’s databases. He also reveals that he has found a reflected cross-site scripting (XSS) vulnerability.

To demonstrate his findings, he has published several screenshots.

ViruS_HimA stresses that he is not a black hat (at least not anymore), but says that Adobe and Yahoo! have forced him to publicly disclose his findings because they've failed to respond to his reports.

“As I said I've stopped black hat activities long time ago, I started reporting the vulnerabilities to the vendors. Google was great in fast reply and patch release. Same goes with some others. But for Adobe and Yahoo they were so slow in reply and fix,” the hacker wrote.

“You know what? Yahoo never reply for my message! So I decided to teach both of them a hard lesson to harden them security procedures.”

He claims that he’s not “looking to ruin anybody’s business” and he’s not willing to risk his career as a security researcher and a penetration tester.

The hacker advises Yahoo! to make a “hall of fame” for security researchers to encourage them to responsibly disclose the vulnerabilities they find.

Yahoo! representatives have told TNW that they’re currently investigating ViruS_HimA's claims and they’re working on addressing any vulnerabilities that are discovered in the process. However, they confirm that no users have been affected by the incident.

Back in November, Adobe was forced to shut down its Connectusers forum after the hacker published the details of around 200 users. At the time, he claimed to be in possession of 150,000 accounts owned by employees of Google, NASA, the US Military and various other high-profile organizations.